purecrypter | 5b24e9dd633f1a3e33a1709c844b5a024cc3b64b2295758664ee74a2b7b64d7d

Analysis

max time kernel
145s
max time network
150s
platform
windows10-1703_x64
resource
win10-20231129-en
resource tags

arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
submitted
03-12-2023 17:39

Target

5b24e9dd633f1a3e33a1709c844b5a024cc3b64b2295758664ee74a2b7b64d7d.exe
Size

5KB
MD5

18504fb9ba59f471213e6ca3703e1cd6
SHA1

61a1f2feda35fd3dccd9b2e50ebe4c4bb131a3c8
SHA256

5b24e9dd633f1a3e33a1709c844b5a024cc3b64b2295758664ee74a2b7b64d7d
SHA512

d719a2c0631371b6aa89999e99e9ed5f235b3df17f649376d3298a73ab3a7b717a33f9cbcf01a564279de868eb7f5fd10e24ce7aad1256cdbf0b045d259edf3d
SSDEEP

48:6UkYEJRdmjkXAhwnKpfezwK3UD1qtPRadTCl1Ni7Yq7VpnBs9tiOlF4qFqpfbNtm:MYqdBAynufe3UqtQTI1MD693ozNt

Score

10^/10

Family

purecrypter

http://verifycleansecurity.com/seven/Rpbqrknhea.pdf

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3692	5b24e9dd633f1a3e33a1709c844b5a024cc3b64b2295758664ee74a2b7b64d7d.exe

C:\Users\Admin\AppData\Local\Temp\5b24e9dd633f1a3e33a1709c844b5a024cc3b64b2295758664ee74a2b7b64d7d.exe
"C:\Users\Admin\AppData\Local\Temp\5b24e9dd633f1a3e33a1709c844b5a024cc3b64b2295758664ee74a2b7b64d7d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3692

memory/3692-0-0x000002E5FD990000-0x000002E5FD998000-memory.dmp

Filesize
32KB

Download
memory/3692-1-0x00007FFBF8880000-0x00007FFBF926C000-memory.dmp

Filesize
9.9MB

Download
memory/3692-2-0x000002E5FF800000-0x000002E5FF810000-memory.dmp

Filesize
64KB

Download
memory/3692-3-0x00007FFBF8880000-0x00007FFBF926C000-memory.dmp

Filesize
9.9MB

Download
memory/3692-4-0x000002E5FF800000-0x000002E5FF810000-memory.dmp

Filesize
64KB

Download